
Changeset 4465


Timestamp:
06/06/2011 08:38:34 PM (13 years ago)
Author:
boonebgorges
Message:

Reintroduces bp_core_catch_no_access() and introduces bp_core_no_access(), to provide proper login and redirect support for non-logged-in users attempting to visit protected BP pages. Adds template_notices hook to bp-default index.php so that non-logged-in message is properly displayed. Fixes #3246. Huge props r-a-y

Location:
trunk
Files:
3 edited

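--- a/trunk/bp-core/bp-core-catchuri.php
+++ b/trunk/bp-core/bp-core-catchuri.php
@@ -345,3 +345,124 @@
 }
 
+/**
+ * Catches invalid access to BuddyPress pages and redirects them accordingly.
+ *
+ * @package BuddyPress Core
+ * @since 1.3
+ */
+function bp_core_catch_no_access() {
+    global $bp, $wp_query, $bp_unfiltered_uri, $bp_no_status_set;
+
+    // If bp_core_redirect() and $bp_no_status_set is true,
+    // we are redirecting to an accessible page, so skip this check.
+    if ( $bp_no_status_set )
+        return false;
+
+    // If the displayed user was marked as a spammer and the logged-in user is not a super admin, redirect
+    if ( isset( $bp->displayed_user->id ) && bp_core_is_user_spammer( $bp->displayed_user->id ) ) {
+        if ( !is_super_admin() )
+            bp_core_redirect( $bp->root_domain );
+        else
+            bp_core_add_message( __( 'This user has been marked as a spammer. Only site admins can view this profile.', 'buddypress' ), 'error' );
+    }
+
+    // If BP_ENABLE_ROOT_PROFILES is not defined and the displayed user does not exist, redirect
+    if ( !$bp->displayed_user->id && isset( $bp_unfiltered_uri[0] ) && $bp_unfiltered_uri[0] == $bp->members->slug && isset( $bp_unfiltered_uri[1] ) )
+        bp_core_redirect( $bp->root_domain );
+
+    // Access control!
+    if ( !isset( $wp_query->queried_object ) && !bp_is_blog_page() ) {
+        if ( is_user_logged_in() ) {
+            bp_core_no_access( array( 'redirect' => false, 'message' => __( 'You do not have access to that page', 'buddypress' ) ) );
+        } else {
+            bp_core_no_access();
+        }
+    }
+}
+add_action( 'wp', 'bp_core_catch_no_access' );
+
+/**
+ * Redirects a user to login for BP pages that require access control and adds an error message (if
+ * one is provided).
+ * If authenticated, redirects user back to requested content by default.
+ *
+ * @package BuddyPress Core
+ * @since 1.3
+ */
+function bp_core_no_access( $args = '' ) {
+    global $bp;
+
+    $defaults = array(
+        'mode'      => '1',         // 1 = $root, 2 = wp-login.php
+        'message'   => __( 'You must log in to access the page you requested.', 'buddypress' ),
+        'redirect'  => wp_guess_url(),  // the URL you get redirected to when a user successfully logs in
+        'root'      => $bp->root_domain // the landing page you get redirected to when a user doesn't have access
+    );
+
+    $r = wp_parse_args( $args, $defaults );
+    extract( $r, EXTR_SKIP );
+
+    // Group filtering
+    // When a user doesn't have access to a group's activity / secondary page, redirect to group's homepage
+    if ( !$redirect ) {
+        if ( bp_is_active( 'groups' ) && bp_is_current_component( 'groups' ) ) {
+            $root = bp_get_group_permalink( $bp->groups->current_group );
+            $message = false;
+        }
+    }
+
+    // Apply filters to these variables
+    $mode       = apply_filters( 'bp_no_access_mode', $mode, $root, $redirect, $message );
+    $redirect   = apply_filters( 'bp_no_access_redirect', $redirect, $root, $message, $mode );
+    $root       = trailingslashit( apply_filters( 'bp_no_access_root', $root, $redirect, $message, $mode ) );
+    $message    = apply_filters( 'bp_no_access_message', $message, $root, $redirect, $mode );
+
+    switch ( $mode ) {
+        // Option to redirect to wp-login.php
+        // Error message is displayed with bp_core_no_access_wp_login_error()
+        case 2 :
+            if ( $redirect ) {
+                bp_core_redirect( wp_login_url( $redirect ) . '&action=bpnoaccess' );
+            } else {
+                bp_core_redirect( $root );
+            }
+        break;
+
+        // Redirect to root with "redirect_to" parameter
+        // Error message is displayed with bp_core_add_message()
+        case 1 :
+        default :
+            if ( $redirect ) {
+                $url = add_query_arg( 'redirect_to', urlencode( $redirect ), $root );
+            } else {
+                $url = $root;
+            }
+
+            if ( $message ) {
+                bp_core_add_message( $message, 'error' );
+            }
+
+            bp_core_redirect( $url );
+        break;
+    }
+}
+
+/**
+ * Adds an error message to wp-login.php.
+ * Hooks into the "bpnoaccess" action defined in bp_core_no_access().
+ *
+ * @package BuddyPress Core
+ * @global $error
+ * @since 1.3
+ */
+function bp_core_no_access_wp_login_error() {
+    global $error;
+
+    $error = apply_filters( 'bp_wp_login_error', __( 'You must log in to access the page you requested.', 'buddypress' ), $_REQUEST['redirect_to'] );
+
+    // shake shake shake!
+    add_action( 'login_head', 'wp_shake_js', 12 );
+}
+add_action( 'login_form_bpnoaccess', 'bp_core_no_access_wp_login_error' );
+
 ?>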
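Review bot: `bp_core_no_access_wp_login_error()` reads `$_REQUEST['redirect_to']` with no `isset()` guard and passes the raw request value to every `bp_wp_login_error` callback, so a login-page request carrying `action=bpnoaccess` but no `redirect_to` raises an undefined-index notice and callbacks receive unvalidated input. Guard it first, e.g. `$redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';`, and note on the filter that its second argument is request-supplied. In mode 2 of `bp_core_no_access()`, appending `'&action=bpnoaccess'` assumes `wp_login_url()` always returns a URL that already has a query string; `add_query_arg( 'action', 'bpnoaccess', wp_login_url( $redirect ) )` does not depend on that. The spammer and missing-user branches of `bp_core_catch_no_access()` fall through after `bp_core_redirect()`, which is only safe if that helper ends the request; its body is not in this changeset, so a comment stating the assumption would help. The `redirect` default of `wp_guess_url()` looks like it yields the site URL rather than the page that was requested, which would not match the docblock's "back to requested content" and is worth confirming.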
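--- a/trunk/bp-themes/bp-default/functions.php
+++ b/trunk/bp-themes/bp-default/functions.php
@@ -658,3 +658,18 @@
 add_action( 'comment_form', 'bp_dtheme_after_comment_form' );
 endif;
+
+/**
+ * Adds a hidden "redirect_to" input field to the sidebar login form.
+ * Put here temporarily for proof-of-concept.
+ *
+ * @since 1.3
+ */
+function bp_dtheme_sidebar_login_redirect_to() {
+    $redirect_to = apply_filters( 'bp_no_access_redirect', isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
 ?>
+    <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
+<?php
+}
+add_action( 'bp_sidebar_login_form', 'bp_dtheme_sidebar_login_redirect_to' );
+
+?>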
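Review bot: The hidden field in `bp_dtheme_sidebar_login_redirect_to()` is filled from `$_REQUEST['redirect_to']`, so the post-login destination is chosen by whoever built the link; `esc_attr()` makes the value safe for the attribute but does not restrict it to this site. Whether the login handler validates the target is outside this changeset, so I would constrain it here with `$redirect_to = wp_validate_redirect( $redirect_to, '' );` before echoing. The `bp_no_access_redirect` filter is also applied here with a single value, while `bp_core_no_access()` in bp-core-catchuri.php applies it with four (`$redirect, $root, $message, $mode`); a callback registered for all four would be invoked with arguments missing, so either pass the same argument list or use a separate filter name for the form field.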
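--- a/trunk/bp-themes/bp-default/index.php
+++ b/trunk/bp-themes/bp-default/index.php
@@ -5,4 +5,6 @@
 
         <?php do_action( 'bp_before_blog_home' ) ?>
+       
+        <?php do_action( 'template_notices' ) ?>
 
         <div class="page" id="blog-latest" role="main">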